Tuesday, May 29, 2012

Worm.Win32."Flame" unleashed - sophisticated cyber weapon?

FOX NEWS: Computer malware described as "the most sophisticated cyber weapon yet unleashed" has been uncovered in computers in the Middle East and may have infected machines in Europe, according to reports from antivirus researchers and software makers in Russia, Hungary and Ireland.

The malware, dubbed Worm.Win32.Flame, is unusual in its complexity, size and the multitude of ways it has of harvesting information from an infected computer including keyboard, screen, microphone, storage devices, network, Wi-Fi, Bluetooth, USB and system processes.

The malware is called "Flame" by Kaspersky Labs, a Moscow-based antivirus software maker, but is also known as sKyWIper by the Hungarian Laboratory of Cryptography and System Security (CrySyS Lab).

'A nation state sponsored the research that went into it.'

- Kaspersky Labs

Both Kaspersky Labs and CrySyS Lab said it was likely the malware was developed by a government-sponsored entity.

"The geography of the targets [certain states are in the Middle East] and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it," Kaspersky Labs said in a report.

"The results of our technical analysis supports the hypotheses that sKyWIper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities," a CrySyS Lab report said. "Arguably, it is the most complex malware ever found."

Although the virus has just been detected, there was evidence that it may have been in operation for at least two years.

Vitaly Kamluk, chief malware expert for Kaspersky Labs, said there were many pointers to it being a weapon, not the least of which was how highly targeted it was. According to their investigations, only 382 infections have been reported, 189 of which were in Iran, and the malware targeted individuals rather than organizations.

Kamluk said the malware was most likely introduced by a USB stick or other removable drive. Once injected, the malware would contact one of the many command and control servers around the world and download additional modules as needed.

It used the same technique as Stuxnet, an earlier highly sophisticated malware, to seek out other machines to infect.

"Unlike Stuxnet," said Kamluk, "[Flame] was much more sophisticated and not simply trying to infect every machine." He said the malware was also able to find out information about other devices around it.

While the finger of suspicion for Stuxnet was pointed at a number of suspects, including both U.S. and Israeli intelligence agencies, Kamluk said there was no evidence to suggest who might be responsible for Flame, and it was pure speculation to attribute blame.